Lion Air Group data breach: 35 million passenger records leaked from AWS servers

Network security specialists report that Malindo Air, a subsidiary of Lion Air Group, a low-cost Indonesian airline, suffered a data breach that has compromised the information of thousands of passengers. The compromised information circulated on multiple information-sharing forums for more than a month. Compromised records include phone numbers, passport details, and information about users’ flights.

Researchers from security firm Kaspersky Lab found that more than 30 million airline records were available for download on some forums, and concluded that the most likely cause of this incident is a misconfigured server.

The databases were first published on August 12; after access was revoked, those responsible republished the databases on September 10 and 17. “Whoever did this must have access to the Amazon Web Services (AWS) bucket where this information was stored,” network security specialists say.

In a statement released a few hours ago, Malindo Air acknowledged the incident, adding that all of its servers “have already been fully secured and any vulnerability has been corrected”. The airline also noted that its users’ payment card information was not exposed during this incident. An external security company is working with the airline on the investigation.

Network security specialists say that poor configuration of cloud computing deployments has become one of the leading causes of information security incidents in recent times. It is important to add that storage resources of this kind, such as AWS buckets, are private by default, so it is the responsibility of the companies that use them to verify that any change to these settings has been implemented correctly.

Roger Grimes, a specialist at the firm KnowBe4, confirms this theory, stating that thousands of companies around the world make the same security mistakes as Lion Air all the time: “The wrong configuration of access and permissions in cloud computer deployments is one of the most common cybersecurity issues today.”
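One way to check whether a bucket's settings have drifted from the private default described above, as an added example that is not from the article, Malindo Air or AWS. The function names, the bucket name and the sample policy, ACL grants and public access block values are all constructed for illustration.

```python
import json

# ACL group URIs that mean "everyone" and "any authenticated AWS account".
ACL_PREFIX = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {ACL_PREFIX + "AllUsers", ACL_PREFIX + "AuthenticatedUsers"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _any_principal(principal):
    # "*" and {"AWS": "*"} (or a list containing "*") both mean any caller.
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def audit_bucket(policy_json, acl_grants, public_access_block):
    """Return findings where a bucket has moved away from private settings."""
    findings = []
    off = [f for f in PAB_FLAGS if not public_access_block.get(f)]
    if off:
        findings.append("public access block off: " + ", ".join(off))
    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI", "")
        if uri in PUBLIC_GROUPS:
            findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _any_principal(stmt.get("Principal")):
            # A Condition may narrow the grant, so it is flagged for review instead.
            kind = "review conditioned" if stmt.get("Condition") else "public"
            findings.append(f"{kind} policy statement {stmt.get('Sid', '<no Sid>')}: {stmt.get('Action')}")
    return findings

# Constructed sample input, shaped like the S3 GetBucketPolicy, GetBucketAcl
# and GetPublicAccessBlock responses; the bucket name is made up.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "ReadAll", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-passenger-data/*"}]})
SAMPLE_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ACL_PREFIX + "AllUsers"}, "Permission": "READ"},
]
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    print("\n".join(audit_bucket(SAMPLE_POLICY, SAMPLE_GRANTS, SAMPLE_PAB)))
```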

In addition to the errors of the staff in charge of these implementations, we should not forget the role of threat actors. Network security specialists at the International Institute of Cyber Security (IICS) mention that, due to the large amount of confidential details they manage, airlines have become one of the main attack targets for hackers, which generates serious public image problems and huge economic losses for the companies. A year ago, for example, a data breach at British Airways exposed the personal information of more than 350k users, resulting in a fine of more than £180 million for the company.

Experts recommend that users concerned about the security of their data contact the airline, as well as remain alert to possible phishing attempts and other fraud variants.